SaaS management for MSPs: what identity teams need to know

TL;DR: Centralized visibility, automated provisioning and deprovisioning, usage analytics, and access reporting across tenants define SaaS management for managed service providers, according to Josys. The governance issue is less about console consolidation than about whether MSPs can enforce consistent identity controls without losing client-specific accountability.

NHIMG editorial — based on content published by Josys: Josys SaaS Management Platform: Transforming MSP Operations

Questions worth separating out

Q: How should MSPs govern SaaS access across multiple client tenants?

A: MSPs should treat SaaS access as a tenant-specific governance problem, not a single shared admin task.

Q: When does centralised SaaS management create more risk than it reduces?

A: It creates more risk when the platform concentrates control without preserving separation of duties, tenant boundaries, and client-specific policy.

Q: What should teams get wrong about automated deprovisioning in SaaS environments?

A: The common mistake is assuming that automation equals complete offboarding.

Practitioner guidance

• Map delegated administration boundaries Document which tenant actions the MSP can take centrally, which require customer approval, and which must remain client-owned.
• Audit provisioning and deprovisioning workflows Test the full joiner-mover-leaver path for each application class, including removal of stale entitlements, subscription cleanup, and revocation of administrator roles when a contract or tenant relationship changes.
• Tie usage analytics to access review decisions Use application utilisation and inactivity signals to prioritise certification reviews, but require an owner to validate business need before removal.

What's in the full article

Josys' full blog covers the operational detail this post intentionally leaves for the source:

• A walkthrough of the centralized SaaS dashboard and multi-tenant client directory used for day-to-day administration.
• Details on automated provisioning, usage analytics, and integration capabilities for MSP workflows.
• Examples of how the platform supports compliance reporting and access reviews across multiple tenants.
• A customer case study reference showing how real-time alerts and audit logs were used in practice.

👉 Read Josys' analysis of SaaS management for MSP operations →

SaaS management for MSPs: what identity teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →